Control-Aware Manipulation of ArduPilot via Legitimate MAVLink Commands: Simulation and Hardware Validation

📅 2026-06-20
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
This study demonstrates that adversaries can exploit ArduPilot’s sensitivity to parameter changes by issuing short sequences of legitimate MAVLink commands to covertly manipulate PID gains, EKF configurations, and failsafe mechanisms across multiple control layers, thereby steering the drone into unsafe states. Through software-in-the-loop (SITL) simulations and experiments on the Pixhawk 2.4.8 hardware platform, the work provides the first systematic evidence that combining authorized commands with logical vulnerabilities in control logic can critically degrade attitude stability, angular rate response, trajectory tracking accuracy, and state estimation integrity—ultimately leading to loss of control or crash. These findings expose critical security blind spots in flight controller implementations concerning parameter handling and state validation.
📝 Abstract
This paper investigates control-aware attacks against ArduPilot-based Unmanned Aerial Vehicles (UAVs), inwhich an adversary exploits the sensitivity of flight-controller dynamics to parameter changes to cause loss of control and crashes. It describes six attacks that exploit interactions among multi-layer controllers by modifying Proportional-Integral-Derivative (PID) gains, altering Extended Kalman Filter (EKF) estimation configuration, and violating failsafe assumptions, thereby forcing ArduPilot into unsafe operating conditions. We evaluate the attacks in Software-in-the-Loop (SITL) simulation and validate them on a Pixhawk 2.4.8 hardware platform. The results show that short sequences of well-formed MAVLink messages can exploit controller sensitivity to parameter values and updates frequency, affecting controller states and degrading attitude stability, angular-rate behavior, trajectory tracking, and estimator health. We demonstrate that when multiple effects are combined, the vehicle can enter an unsafe state and crashes. These findings show that security gaps in input-parameter handling, command trust, and controller-state validation can be exploited to cause loss of control and crashes in UAVs.
Problem

Research questions and friction points this paper is trying to address.

control-aware attacks
ArduPilot
UAV security
MAVLink
flight controller
Innovation

Methods, ideas, or system contributions that make the work stand out.

control-aware attacks
MAVLink commands
ArduPilot security
PID gain manipulation
Extended Kalman Filter (EKF) exploitation
F
Feras Benchellal
University of North Texas, Denton, TX, USA
L
Lotfi Ben Othmane
University of North Texas, Denton, TX, USA
Y
Yasaswini Konapalli
University of North Texas, Denton, TX, USA
C
Cihan Tunc
University of North Texas, Denton, TX, USA
Bharat Bhargava
Bharat Bhargava
purdue